I’m trying to get my authorization code with an axios POST call in JS, with all the good parameters sended to this url : https://id.twitch.tv/oauth2/token.
But I’ve got this error as response :
I’ve already get my code in this URL : https://id.twitch.tv/oauth2/authorize
Here is my JS code :
I really don’t know here is the problem…
Thanks for help !
This likely indicates that the
code which is a one use
code has already been used to be exchanged for an access code.
Since you have this hardcoded rather than fetching it from query string parameters.
Addititionally your JS code indicates (
DomContentLoaded) that you appear to be doing a
token exchange in the front end, which will leak you private
client_secret to the world.
Yes I have refresh a new code and it does work really well.
This code was for testing purposes but I will leave all my code in a secure file of course
Thank you for your answer !
If you are making the request from the front end and not the backend then users can extract the client secret from the axios call made as it will log in the network inspector part of any web browser inspector.
So a “secure file” doesn’t really exist on the front end.